Connected cars have an impending threat of being subject to cyber attacks considering its early stages. The British government, while foreseeing this threat, wants to ramp up the security of smart vehicles to prevent hackers from gaining access to them. Smart vehicles include regular internet-connected cars and upcoming autonomous cars. This step will not only improve security on existing connected cars but also set design guidelines for manufacturers to prevent cyber security hacks in the future.
Connectivity in connected and autonomous cars
Most mainstream cars have limited smart features. They rarely use your personal information to function, and you can optionally connect your smartphone to them. You can take phone calls and play music from your phone, and that’s about it. The connection is restricted between your phone and car. Newer connected cars have features such as digital radio services, navigation using maps, emergency services, and travel information. Such cars have an embedded SIM-card to provide internet access, hence they can independently function without being connected to your smartphone. The advantage of having an inbuilt direct connectivity option is to receive over-the-air updates for features upgrades and security patches. This also opens up the car to vulnerabilities to cyber attacks if the security isn’t robust enough.
As vehicles become more connected, the vulnerability only scales up because of the increasing number of entry points. We already have keyless entry being implemented allowing owners to unlock their cars only with their smartphones, completely dropping physical keys. In order to enable this, your car needs to store your personal information which can only be verified using your identity. Your identity needs to be stored on your smartphone and your car. When an authentication is requested to your car, it unlocks after verification. What if your identity information is vulnerable and can be easily compromised from the car? This only reminds us of a Watch Dogs scenario where hackers run around stealing cars with just their smartphones. And this is just one of the scenarios where your connected car can be vulnerable to hacks.
Autonomous and semi-autonomous cars can pose an even massive threat if the system is vulnerable. The first and expected reaction on hearing about self-driving cars is losing control to a hacker remotely controlling the car. This has been a nightmare for autonomous car developers and also buyers for a long time. These cars will not only be connected to the internet, but they will be talking to each other along with the entire infrastructure. This drastically increases the risk of vulnerability to hacks, considering the hundreds of sensors working together onboard.
Connected cars are already vulnerable and DARPA even demonstrated the same by taking over the acceleration and braking of a Chevrolet Impala. There have been other numerous reports of security experts taking control of the car’s electronic system by fiddling around with the windshield wipers, horns, door locks, and crazily, even the steering wheel. Another major vulnerability was demonstrated by two security researchers along with WIRED when they took control of a Jeep Cherokee.
Regulations and safety standards in connected cars
Considering all the existing security flaws and possible threats in future connected cars, regulations will ensure that safety standards are maintained. The UK government announced that they will be laying out tough guidelines to ensure the same. Their new guidelines are not only pushing for safety in security but also trying to legislate insurance for self-driving cars. Accidents caused by self-driving cars pose a lot of confusion on who would be responsible for it. They also want manufacturers to support the vehicle’s security over its lifetime, including necessary after-sales support services and software updates.
Several safety-standards are being implemented in order to ensure secure communication between vehicles including a new wireless protocol to the IEEE 802.11 standard. Just for vehicular communication, the 802.11p protocol is dedicated for wireless short-range communications and now it is being pushed for vehicular environments. This protocol allows vehicle-to-vehicle and vehicle-to-infrastructure communication on the licensed Intelligent Transportation Systems (ITS) band of 5.9 GHz (5.85-5.925 GHz). The equivalent European standard is known as ETSI ITS-G5. The push for these frameworks in other regions with self-driving cars are going on, and eventually, we’ll see them being implemented on a larger and standardised format.